====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat AMQ Broker 7.8.1 release and security update
Advisory ID:       RHSA-2021:0417-01
Product:           Red Hat JBoss AMQ
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0417
Issue date:        2021-02-04
Keywords:          amq,messaging,integration,broker
Cross references:  RHBA-2021:68136-02
CVE Names:         CVE-2020-8908 CVE-2020-27218
====================================================================

1. Summary:

Red Hat AMQ Broker 7.8.1 is now available from the Red Hat Customer Portal.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.

This release of Red Hat AMQ Broker 7.8.1 serves as a replacement for Red Hat AMQ Broker 7.8.0, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.

Security Fix(es):

* jetty: buffer not correctly recycled in Gzip Request inflation (CVE-2020-27218)

* guava: local information disclosure via temporary directory created with unsafe permissions (CVE-2020-8908)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

The References section of this erratum contains a download link (you must log in to download the update).

4. Bugs fixed (https://bugzilla.redhat.com/):

1902826 - CVE-2020-27218 jetty: buffer not correctly recycled in Gzip Request inflation
1906919 - CVE-2020-8908 guava: local information disclosure via temporary directory created with unsafe permissions

5. References:

https://access.redhat.com/security/cve/CVE-2020-8908
https://access.redhat.com/security/cve/CVE-2020-27218
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.broker&version=7.8.1
https://access.redhat.com/documentation/en-us/red_hat_amq/7.8/

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.